Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!

Touch UI RTE removing data attributes

Avatar

Level 2
Level 2
9/13/18 6:08:30 PM

Hi,

I have extended the link plugin for the RTE that adds some data attributes to the link.

The problem is that when opening the inline editor, everything loads ok, but when opening with a in-dialog RTE it strips all data attributes from the links.

I have:

Disabled link checking just in case even though this is not an href probelm

Override the xssconfig to allow for the specific data attributes

Debug the RTE but can't find where the value gets stripped. the "change" event when clicking the ok button returns the proper markup. Markup is properly loaded in HTL, but when reopening, attributes are stripped when loaded into the text editor of the RTE.

Any ideas?

Views

10.3K

Replies

11
Sign in to like this content

Total Likes

Translate
Translate
11 Replies

Avatar

Community Advisor
Community Advisor
9/14/18 12:19:05 AM

Hi,

Could you please share the RTE package?

Regards,
Himanshu

Views

8.8K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
9/14/18 2:07:44 AM

Hi,

Could you please check similar thread where link plugin is extended to add 'rel' attribute

Experiencing Adobe Experience Manager - Day CQ: AEM 62 - Touch UI Extend Rich Text Link Dialog, Add ...

You can check /libs/clientlibs/granite/richtext/core/js/HtmlSerializer.js file for debugging, to see where value is getting stripped.



Arun Patidar

Views

8.8K

Replies

4
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
9/14/18 11:07:02 AM
In response to arunpatidar

I checked the serializer and its returning the HTML Ok. Attached screenshot of an example link after serialize function ended.

I also checked the data on JCR and looks like its being saved properly, which led me to believe this is an HTL context problem. I have it set to 'html'. Setting it to unsafe does render the data attributes fine. Where do I include the rules to allow these data attributes in the html context?

serialize function end.PNG

Views

8.8K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
9/14/18 3:36:43 PM
In response to arunpatidar

I did the changes but didn't do the trick. context='html' is still stripping the data attributes from the markup. I tried with context='unsafe' and that helped getting the markup render properly now.

The inplace editor of my text component (RTE) is able to read all this data properly and loads the plugin dialog properly with the data. However, when using the dialog richtexteditor, it keeps stripping away the data attributes (when loading). It saves the attributes fine, but on next load, it will remove them.

Attached are:

Text component

clientlib with link dialog extended

xssconfig file stored at:

     - /apps/sling/xss/config.xml

     - /apps/cq/xssprotection/config.xml

After making changes to these xssconfig files I made sure to restart my instance every time.

Thanks

f.-

Note: there are 2 widgets in the rte override clientlib, just the links is relevant.

Views

8.8K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
9/18/18 8:18:09 AM

So, for anyone who has the same issue, the RTE editor strips the data attributes because the xssFiltering is enabled at dialog level. I used the xssDisableFiltering in my text node of my dialog and that did the trick.

Views

8.8K

Replies

4
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
9/18/18 8:27:43 AM
In response to notyourcat

Thanks for sharing. Could you please tell what value you added for xssDisableFiltering in property. Screenshots will be helpful.



Arun Patidar

Views

8.8K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
9/18/18 10:24:29 AM
In response to arunpatidar

Sure.

So steps I took to solve this issue:

1. Override libs/cq/xssprotection/config.xml to include my data attributes: This will allow context html to render them.

2. To avoid RTE editor to strip them, I have disabled xss filtering for both dialog and inplace editor by adding the property to the text node and the config node of the cq:inplaceEditing node using the disableXSSFiltering property of the RTE.

Images attached:

1574136_pastedImage_2.png

1574135_pastedImage_1.png

Now, my plugin and my markup both have the data attributes from my custom plugin.

Views

8.8K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
9/3/23 11:28:19 PM
In response to notyourcat

same implementation we required with AEM content fragment RTE. Which node, I can update disableXSSFiltering property.

@notyourcat @arunpatidar @Himanshu_Singhal 

Views

1.4K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Adobe Developers Live, November 2024, Session | UI Extensibility - Magic Buttons and how to build them.

Views

43

Likes

0

Replies

0
Modify the paraformat options within the AEM RTE of the Text Core Component

Views

298

Likes

0

Replies

5
I need to remove [publish page] and [unpublish page] options in page list

Views

264

Likes

0

Replies

6
Options for validating Bulk import/export of data

Views

273

Likes

0

Replies

2
How can I allow my AIO instance to access data form my AEM instance

Views

256

Likes

0

Replies

3